I guess this makes sense to avoid these kind of issues.



> -----Ursprüngliche Nachricht-----
> Von: Stefan Eissing [mailto:stefan.eiss...@greenbytes.de]
> Gesendet: Mittwoch, 11. April 2018 11:49
> An: dev@httpd.apache.org
> Betreff: SNI normalization?
> Feedback desired:
> Checking my server logs, I regularly see clients using SNI with port
> identifier,
> as in: test.example.org:443
> I am not sure what client that is, but we do not identify the vhost that
> is
> (probably) intended. Then the request comes in, and there we have magic
> that
> finds the correct r->server. Then we mod_ssl sees that sslconn->server
> != r->server
> and does some compatibility checks. If the base server and vhost have
> incompatible
> settings (e.g. other certs/ciphers etc.), the request fails.
> This seems to be wrong. Do we need the same normalization that we have
> in Host: header
> parsing in SNI?
> -Stefan

Reply via email to